dprevot/php-sqlsrv
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Add ActiveDirectoryIntegrated authentication (#1382)

Browse source
This commit is contained in:
Sicong 2022-05-09 12:16:02 -07:00 committed by GitHub
parent 405ea79ece
commit 8628c28541
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
source/shared/core_conn.cpp
View file

@ -697,8 +697,10 @@ void build_connection_string_and_set_conn_attr( _Inout_ sqlsrv_conn* conn, _Inou
// Check if Authentication is ActiveDirectoryMSI because we have to handle this case differently
// https://docs.microsoft.com/en-ca/azure/active-directory/managed-identities-azure-resources/overview
bool activeDirectoryMSI = false;
bool activeDirectoryIntegrated = false;
if (authentication_option_used) {
const char aadMSIoption[] = "ActiveDirectoryMSI";
const char addIntegratedOption[] = "ActiveDirectoryIntegrated";
zval* auth_option = NULL;
auth_option = zend_hash_index_find(options, SQLSRV_CONN_OPTION_AUTHENTICATION);
@ -707,8 +709,14 @@ void build_connection_string_and_set_conn_attr( _Inout_ sqlsrv_conn* conn, _Inou
option = Z_STRVAL_P(auth_option);
}
if (option != NULL && !stricmp(option, aadMSIoption)) {
activeDirectoryMSI = true;
if (option != NULL) {
// Check if the user is using ActiveDirectoryMSI or ActiveDirectoryIntegrated
if (!stricmp(option, aadMSIoption)) {
activeDirectoryMSI = true;
}
else if (!stricmp(option, addIntegratedOption)) {
activeDirectoryIntegrated = true;
}
}
}
@ -730,7 +738,8 @@ void build_connection_string_and_set_conn_attr( _Inout_ sqlsrv_conn* conn, _Inou
// If uid is not present then we use trusted connection -- but not when connecting
// using the access token or Authentication is ActiveDirectoryMSI
if (!access_token_used && !activeDirectoryMSI) {
// ActiveDirectoryIntegrated does not need UID or PWD
if (!access_token_used && !activeDirectoryMSI && !activeDirectoryIntegrated) {
if (uid == NULL || strnlen_s(uid) == 0) {
connection_string += CONNECTION_OPTION_NO_CREDENTIALS; // "Trusted_Connection={Yes};"
}